So I need to get all lines that have specific data in column $3, and I want to exclude every line that has "normal" in column $13. The input file is imported from the same directory, but the user is prompted to select one, as there are 5 files to choose from. The input files are all CSVs and the output should be CSV as well. This is what I've got so far.
The user is prompted to select an input file and then to select a column to search in. As column one is for protocols, the user can search for any line that has a certain protocol in the line, but at the same time all lines that contain "normal" need to be excluded. Any suggestions?
    if [ $column -eq 1 ]; then
        read -p "Enter the protocol you want results for: " val1
        val1=${val1^^}
        awk -F, "/$val1/" ${logs[sel]} > $filename.csv
{DATE,DURATION,PROTOCOL,SRC IP,SRC PORT,DEST IP,DEST PORT,PACKETS,BYTES,FLOWS,FLAGS,TOS,CLASS
29:54.3,0.001,TCP ,EXT_SERVER,5358,10127_82,41738,1,40,1,.A.R..,0,suspicious
29:54.3,0.001,TCP ,10127_82,41738,EXT_SERVER,5358,1,46,1,....S.,0,suspicious
29:59.2,0.033,TCP ,EXT_SERVER,3419,10055_218,58953,1,40,1,.A.R..,0,suspicious
29:59.2,0.033,TCP ,10055_218,58953,EXT_SERVER,3419,2,92,1,...RS.,0,suspicious
29:01.8,58.256,TCP ,10004_35,54889,EXT_SERVER,22,7,420,1,.APRSF,0,suspicious
29:01.8,58.256,TCP ,EXT_SERVER,22,10004_35,54889,13,7774,1,.AP.SF,0,suspicious
27:01.3,10.018,TCP ,10006_27,22271,EXT_SERVER,22,15,2163,1,.AP.SF,0,suspicious
27:01.3,10.018,TCP ,EXT_SERVER,22,10006_27,22271,19,3185,1,.AP.SF,0,suspicious
28:19.0,122.15,TCP ,10004_35,61634,EXT_SERVER,22,7,420,1,.APRS.,0,suspicious
28:19.0,122.15,TCP ,EXT_SERVER,22,10004_35,61634,10,2615,1,.AP.SF,0,suspicious
27:48.6,0.068,TCP ,EXT_SERVER,8000,OPENSTACK_NET,64402,7,561,1,.AP.SF,0,normal
27:48.6,0.068,TCP ,OPENSTACK_NET,64402,EXT_SERVER,8000,6,589,1,.AP.SF,0,normal}
This is some of the sample data from an input.
CodePudding user response:
Something like this, maybe?:
    $ awk 'BEGIN {
        FS=","
        printf "file: "
        if((getline f < "/dev/stdin") > 0) {
            ARGC=2
            ARGV[1]=f
        } else
            exit 1
        printf "protocol: "
        if((getline p < "/dev/stdin") <= 0)
            exit 1
    }
    $NF!="normal" && $3~toupper(p)'
Notice that there is no test for whether the file exists or not. Also, if the data file uses \r\n line endings, $NF!="normal" will fail (consider RS="\r?\n" if your awk supports it).
CodePudding user response:
> all lines that has specific data in column $3
OK, what should $3 contain?
> as column one is for protocols, the user can search up for any line that has a certain protocol in the line
Can the protocol appear anywhere in the line?
Your code lacks context, but that would be:
    read -p "Enter the protocol you want results for: " val1
    # $13 !~ "normal": a leading ! binds to $13 alone, so ! $13 ~ "normal" never matches
    awk -F, -v val="${val1^^}" '$3 ~ val && $13 !~ "normal"' "${logs[sel]}" > "$filename.csv"
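An added example, not code from the question or either answer: a shell function that applies the first answer's CRLF caveat and the second answer's idea of handing the user's input to awk as a value instead of splicing it into the program text. It goes one step further than both by comparing column 3 as an exact string instead of a regex; the names filter_flows and sample_csv and the sample rows are constructed for illustration.

```shell
# Added example: filter_flows and sample_csv are hypothetical names; rows are constructed.

sample_csv() {   # constructed rows in the question's 13-column layout
    printf '%s\n' \
        'DATE,DURATION,PROTOCOL,SRC IP,SRC PORT,DEST IP,DEST PORT,PACKETS,BYTES,FLOWS,FLAGS,TOS,CLASS' \
        '29:54.3,0.001,TCP  ,EXT_SERVER,5358,10127_82,41738,1,40,1,.A.R..,0,suspicious' \
        '29:01.8,58.256,TCP  ,10004_35,54889,EXT_SERVER,22,7,420,1,.APRSF,0,suspicious' \
        '27:48.6,0.068,TCP  ,EXT_SERVER,8000,OPENSTACK_NET,64402,7,561,1,.AP.SF,0,normal' \
        '27:50.1,0.010,UDP  ,TCP_RELAY,53,10004_35,40000,1,60,1,......,0,suspicious'
}

# filter_flows PROTOCOL FILE
# Prints the header plus rows whose column 3 equals PROTOCOL (case-insensitive,
# padding ignored) and whose column 13 is not "normal".
filter_flows() {
    [ -n "$1" ] || { echo "empty protocol" >&2; return 2; }
    [ -r "$2" ] || { echo "cannot read: $2" >&2; return 2; }
    # The user's text reaches awk through the environment, so it is only ever
    # data: it is not part of the awk program and is compared as a plain
    # string, not used as a regex.
    PROTO=$1 awk -F, '
        BEGIN   { want = toupper(ENVIRON["PROTO"]) }
                { sub(/\r$/, "") }              # tolerate CRLF line endings
        NR == 1 { print; next }                 # keep the CSV header
        {
            proto = $3;  gsub(/^[ \t]+|[ \t]+$/, "", proto)   # "TCP  " -> "TCP"
            cls   = $13; gsub(/^[ \t]+|[ \t]+$/, "", cls)
        }
        toupper(proto) == want && tolower(cls) != "normal"
    ' "$2"
}

# Demo on the constructed sample: prints the header and the two suspicious TCP rows.
demo=$(mktemp) && sample_csv > "$demo" && filter_flows tcp "$demo"
rm -f "$demo"
```

The UDP row with TCP_RELAY in the source column is skipped here, whereas a whole-line match such as /TCP/ would have returned it.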